On 04.04.2016, at 19:19, Jesse Glick wrote:
> If you have any executors configured on your master, your system is insecure.
> Set it to zero and use agents exclusively.
Also mentioned on
https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Best+Practices as the
second item after setting up se
On Wednesday, March 30, 2016 at 3:33:50 PM UTC-4, Jason Hull wrote:
>
> For instance, I can create a freestyle job with a script step that does
> something like:
>
> echo 'my own key' >> /home/jenkins/.ssh/authorized_keys
>
If you have any executors configured on your master, your system is
inse
My two cents:
* Set the number of executors on master to 0 and run jobs only on slaves. That
prevents anyone without admin access to your master from screwing it up.
* If you're still afraid to screw your slaves, use one-off slaves using one
of the Cloud implementations (using VMWare, Docker, or any other solut
Thank you for your response, Victor!
Below are my responses to your comments. Before that, however, for
background I should state that I work in a large enterprise in a highly
regulated industry. Thus my keen interest in security.
On Wednesday, March 30, 2016 at 3:31:18 PM UTC-5, Victor Martine
I see there are two different points:
1) Securing your Jenkins instance
a) Probably you could add some security policies:
- https://wiki.jenkins-ci.org/display/JENKINS/Securing+Jenkins
- https://wiki.jenkins-ci.org/display/JENKINS/Ownership-Based+security
b) Avoid granting privileges to the
Hi!
How do I protect Jenkins from its own jobs and pipelines?
For instance, I can create a freestyle job with a script step that does
something like:
echo 'my own key' >> /home/jenkins/.ssh/authorized_keys
Also, I can write a pipeline like:
stage 'Destroy'
'rm -rf /home/jenkins'.execute
echo
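
Added example, not part of the original thread: an offline check for the advice repeated in the replies above (zero executors on master, jobs on agents only). It reads the controller's config.xml and each job's config.xml and lists what could still build on the master. The sample XML is constructed, the helper names parse and audit are hypothetical, and only freestyle-style job configs (assignedNode / canRoam elements) are considered.

```python
import re
import xml.etree.ElementTree as ET

# Labels that select the controller; "built-in" is the later name for "master".
CONTROLLER_LABELS = {"master", "built-in"}

# Constructed sample inputs (not taken from any real installation).
CONTROLLER_XML = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <numExecutors>2</numExecutors>
  <mode>NORMAL</mode>
</hudson>"""
JOBS = {
    "deploy": "<project><assignedNode>master</assignedNode><canRoam>false</canRoam></project>",
    "build-app": "<project><assignedNode>linux &amp;&amp; docker</assignedNode><canRoam>false</canRoam></project>",
    "nightly": "<project><canRoam>true</canRoam></project>",
}


def parse(xml_text):
    # Jenkins may write an XML 1.1 declaration, which expat rejects; drop it.
    return ET.fromstring(re.sub(r"^<\?xml[^>]*\?>", "", xml_text.lstrip()))


def audit(controller_xml, jobs):
    """Return a list of findings; jobs maps job name -> job config.xml text."""
    root = parse(controller_xml)
    raw = (root.findtext("numExecutors") or "").strip()
    executors = int(raw) if raw.isdigit() else None  # None = not stated
    if executors == 0:
        return []  # nothing can build on the controller
    findings = [f"controller: numExecutors={executors}, expected 0"]
    mode = (root.findtext("mode") or "NORMAL").strip()
    for name in sorted(jobs):
        job = parse(jobs[name])
        label = (job.findtext("assignedNode") or "").strip()
        roams = (job.findtext("canRoam") or "true").strip() == "true"
        # Conservative: any mention of a controller label is flagged.
        if set(re.findall(r"[\w.-]+", label)) & CONTROLLER_LABELS:
            findings.append(f"{name}: label expression {label!r} selects the controller")
        elif roams and not label and mode == "NORMAL":
            findings.append(f"{name}: no label restriction, may be scheduled on the controller")
    return findings


if __name__ == "__main__":
    for finding in audit(CONTROLLER_XML, JOBS):
        print(finding)
```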